Re: [EWG] [LDWG] [FBSD_LDWG] (272902) Laptop Project: Wi-Fi privacy/security: clear-text passwords for WPA-EAP e.g. eduroam

From: Chris Moerz <freebsd_at_ny-central.org>
Date: Sun, 12 Jan 2025 17:06:28 UTC

On Sun, 12 Jan 2025, Graham Perrin wrote:
> On 11/01/2025 23:47, Tomek CEDRO wrote:
>
> > https://man.freebsd.org/cgi/man.cgi?wpa_passphrase ? :-)
>
> <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272902#c3> a PSK is not
> applicable in wpa_gui.
>

What would be the expected behavior/implementation in this case?

I believe with regular WPA2, one can simply store the hash value instead
of the password. I suspect that's what we would like to get for eduroam
(TLS-EAP) too?

Supposedly, this should generate a hash value that represents the password
but we would likely have to update our stack to support this?

echo -n password_here | iconv -t utf16le | openssl md4
(source: https://bbs.archlinux.org/viewtopic.php?id=144471)

Alternatively, one could encrypt the password, but then we'd need to enter
a password for decryption every time we want to read in the conf.

chris